Security, Identity & Compliance Flashcards
Amazon Cloud Directory
Amazon Cloud Directory is a cloud-native, highly scalable, high-performance, multi-tenant directory service that provides web-based directories to make it easy for you to organize and manage all your application resources such as users, groups, locations, devices, and policies, and the rich relationships between them. Cloud Directory is a foundational building block for developers to create directory-based solutions easily and without having to worry about deployment, global scale, availability, and performance.
Unlike existing traditional directory systems, Cloud Directory does not limit organizing directory objects in a single fixed hierarchy. In Cloud Directory, you can organize directory objects into multiple hierarchies to support multiple organizational pivots and relationships across directory information. For example, a directory of users may provide a hierarchical view based on reporting structure, location, and project affiliation. Similarly, a directory of devices may have multiple hierarchical views based on its manufacturer, current owner, and physical location.
Cloud Directory provides virtually unlimited directories. It scales each directory to hundreds of millions of nodes automatically while offering consistent performance. Cloud Directory is optimized for a high rate of low-latency, eventually consistent reads. Developers model directory objects using extensible schemas to enforce data correctness constraints automatically and to make it easier to program against. Cloud Directory offers rich information lookup based on customer-defined indexed attributes, thus enabling fast tree traversals and searches within the directory trees. Cloud Directory data is encrypted at rest and in transit.
Amazon Cognito
Amazon Cognito lets you easily add user sign-up and authentication to your mobile and web apps. Amazon Cognito also enables you to authenticate users through an external identity provider and provides temporary security credentials to access your app’s backend resources in AWS or any service behind Amazon API Gateway. Amazon Cognito works with external identity providers that support SAML or OpenID Connect, social identity providers (such as Facebook, Twitter, Amazon) and you can also integrate your own identity provider.
In addition, Amazon Cognito enables you to synchronize data across a user’s devices so that their app experience remains consistent when they switch between devices or upgrade to a new device. Your app can save data locally on users’ devices allowing your applications to work even when the devices are offline and then automatically synchronize the data when the device is back online.
With Amazon Cognito, you can focus on creating great app experiences instead of worrying about building, securing, and scaling a solution to handle user management, authentication, and sync across platforms and devices.
Amazon GuardDuty
Amazon GuardDuty offers threat detection that enables you to continuously monitor and protect your AWS accounts and workloads. GuardDuty analyzes continuous streams of metadata generated from your account and network activity found in AWS CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. It also uses integrated threat intelligence such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately.
Amazon Inspector
Amazon Inspector is an automated security assessment service that helps you test the security state of your applications running on Amazon EC2.
Amazon Macie
Amazon Macie is an AI-powered security service that helps you prevent data loss by automatically discovering, classifying, and protecting sensitive data stored in AWS. Amazon Macie uses machine learning to recognize sensitive data such as personally identifiable information (PII) or intellectual property, assigns a business value, and provides visibility into where this data is stored and how it is being used in your organization. Amazon Macie continuously monitors data access activity for anomalies, and delivers alerts when it detects risk of unauthorized access or inadvertent data leaks.
AWS Artifact
AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS’ compliance documentation.
AWS Certificate Manager (ACM)
AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. ACM removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With ACM, you can request a certificate, deploy it on AWS resources such as Elastic Load Balancers, Amazon CloudFront distributions, or APIs on Amazon API Gateway, and let AWS Certificate Manager handle certificate renewals. You can also import third-party certificates into ACM and associate them with supported AWS Services. SSL/TLS certificates provisioned through ACM are free. You pay only for the AWS resources you create to run your application.
AWS CloudHSM
The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for some applications and data subject to contractual or regulatory mandates for managing cryptographic keys, additional protection may be necessary. CloudHSM complements existing data protection solutions and allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. CloudHSM allows you to securely generate, store and manage cryptographic keys used for data encryption in a way that keys are accessible only by you.
AWS Directory Service
AWS Directory Service is a managed service offering, providing directories that contain information about your organization, including users, groups, computers, and other resources. As a managed offering, AWS Directory Service is designed to reduce management tasks, thereby allowing you to focus more of your time and resources on your business. There is no need to build out your own complex, highly available directory topology because each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. There is no software to install, and AWS handles all of the patching and software updates.
AWS Identity and Access Management (IAM)
You can use AWS IAM to securely control individual and group access to your AWS resources. You can create and manage user identities (“IAM users”) and grant permissions for those IAM users to access your resources. You can also grant permissions for users outside of AWS (federated users).
AWS Key Management Service (KMS)
AWS KMS is a managed encryption service that enables you to easily encrypt your data. AWS KMS provides a highly available key storage, management, and auditing solution for you to encrypt your data across AWS services and within your own applications.
AWS Organizations
AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.
AWS Shield
AWS Shield is a managed service that provides protection against DDoS attacks for web applications running on AWS. AWS Shield Standard is available to all AWS customers at no additional cost. AWS Shield Advanced is an optional paid service available to AWS Business Support and AWS Enterprise Support customers. AWS Shield Advanced provides additional protections against larger and more sophisticated attacks for your applications running on Elastic Load Balancing (ELB), Amazon CloudFront and Route 53.
AWS Single Sign-On (AWS SSO)
AWS SSO is an AWS service that enables you to use your existing credentials from your Microsoft Active Directory to access your cloud-based applications, such as AWS accounts and business applications (Office 365, Salesforce, Box), by using single sign-on (SSO).
AWS WAF
AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting.